Overview
The following information outlines the criteria for identifying and designating a Federated Authorization Security Contact according to the University’s Federated Authorization Process guidelines. Each University area should designate a primary and secondary Security Contact. This document covers:
- The responsibilities of a Security Contact
- The qualifications for a Security Contact
- How to designate a Security Contact
- How to request that responsibility be removed from a Security Contact
If you have any questions about this procedure, please contact the Technology Help Desk at 412-624-HELP (4357) or helpdesk@pitt.edu.
Detail
Security Contact Responsibilities
Security Contacts are responsible for ensuring that only authorized University employees have access to the Student Information Systems (PeopleSoft) and Student Mart data needed to do their jobs. Security Contacts therefore have the important responsibility of preserving student confidentiality and data integrity. As a result, all PeopleSoft and Student Mart user access requests must be reviewed and approved by the Security Contacts. Individuals fulfilling the role of Security Contact must meet certain qualifications in order to ascertain that a user’s request is appropriate and to ensure the Federated Authorization process is successfully followed.
Security Contact Qualifications
Designated Security Contacts must:
- Understand their University area’s business and academic processes
- Be familiar with the job duties of all Student Mart and PeopleSoft users in their area
- Be in a position of authority to independently grant and revoke access privileges
- Complete the appropriate Federated Authorization training course
Note: Security Contacts should have worked with the University area for several years, giving them an inherent understanding of their area’s employees and processes. Therefore, administrative assistants, student workers, new hires, contractors, and graduate and postdoctoral students working in the area would not be the most appropriate choices.
Process for Designating a New Security Contact
- An existing Security Contact or the head of each University area (dean, director, regional president, or department head, depending on the University area) should identify a candidate who meets the qualifications above and submit an online request or email to helpdesk@pitt.edu to the attention of Pitt IT Security, identifying the individual and why they were selected. Please include the following information:
  - Security Contact’s Name
  - Security Contact’s Title
  - Phone number
  - Username
  - Brief description of how the individual meets the criteria for a Security Contact
- The Technology Help Desk will receive the request and transfer the case to Pitt IT Security.
- Pitt IT Security will evaluate the request.
- If approved, Pitt IT Security adds the new Security Contact to the relevant Central Directory Service (CDS) group, adds the SA_VIEW_SECURITY_CONTACTS role to their PeopleSoft user profile, and updates the Federated Authorization Security Contact list on the Technology website.
- The newly appointed Security Contact is responsible for reading and understanding all of the information in the Federated Authorization Community and for scheduling training with a peer Security Contact.
Process for Removing a Security Contact
An existing Security Contact or the head of a University area (dean, director, regional president, or department head, depending on the University area) should immediately contact the Technology Help Desk at 412-624-HELP (4357) or helpdesk@pitt.edu to have a Security Contact removed from the list.
Get Help
The Technology Help Desk at 412-624-HELP (4357) is available 24 hours a day, seven days a week to answer your technology-related questions. Questions can also be submitted via the Web at technology.pitt.edu.